
24403 user authentication against active directory failed

rhuel.phils
Level 1

Guys,

 

We suddenly have an issue with our authentication. In the live logs we always get "24403 user authentication against active directory failed", BUT when checking in External Identity Source we are able to do Test User and it reports SUCCESS.

 

 

Has anyone encountered the same issue? I have attached some screenshots.

 

 

 

4 Replies

marce1000
VIP

 

 1) Check if the account is disabled or locked, as this can cause the error you're getting.
 2) Check your Active Directory server's logs and see what it has to say about this particular auth attempt (if possible, enable debugging on the AD).

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Hi rhuel.phils
It is not clear from the screenshot why Authentication against Active directory has failed.

Normally I do get more informative errors about AD authentication failures, like these:

Authentication failure against AD due to account locked out
=========================================================================
5400 Authentication failed
 +
24415 User authentication against Active Directory failed since user's account is locked out

=========================================================================
Authentication failure against AD due to wrong password
=========================================================================
5400 Authentication failed
 +
24408 User authentication against Active Directory failed since user has entered the wrong password

=========================================================================
Authentication failure against AD due to account is disabled
=========================================================================
5400 Authentication failed
 +
24409 User authentication against Active Directory failed since the user's account is disabled

=========================================================================


Check the following:
- AD Domain Controller and Your ISE PSN node are NTP Synced (no more than 5 min difference) --> Although your test would have failed also.

Can you share the complete first screenshot, especially the right-hand side RADIUS steps, as they include more information about the AD connection and what might have happened?

Also, did this happen only once or is it happening frequently? --> You may run the Diagnostic tool in the AD connector to see any errors or warnings.

Hi!
Saw your post about 24408 User authentication against Active Directory failed since user has entered the wrong password.
Is there any failure code number specific for failed authentication against local accounts (e.g. admin) ?

If the account is configured on the ACS for login, you will get an error code as below.

 

Message Text: Failed-Attempt: Authentication failed
Failure Reason: 22040 Wrong password or invalid shared secret
Regards,
Sathiyanarayanan Ravindran

Please rate the post and accept as solution, if my response satisfied your question:)